Not applicable
Not applicable
1 . Field of the Invention
The present invention relates generally to telecommunications systems and more particularly to an improved system for detecting, analyzing and preventing fraudulent use of telephone calling card numbers. The invention provides enhanced intelligence and efficiency in detecting fraudulent use of calling card numbers and may therefore assist a telephone company in better identifying and responding to calling card fraud.
2 . Description of the Prior Art
Telephone fraud is a major area of abuse in the United States and throughout the world. Such fraud frequently involves the unauthorized or bogus use of telephone billing numbers, which have been assigned to customers and are associated with customer billing accounts. These numbers are typically imprinted or encoded on wallet sized cards, which are provided to customers to enable the customers to easily charge calls to their respective billing accounts. Consequently, these numbers are commonly referred to as telephone calling card numbers. As those of ordinary skill in the art will appreciate, however, the terms xe2x80x9ccalling card number,xe2x80x9d xe2x80x9cbilling numberxe2x80x9d and xe2x80x9cbill numberxe2x80x9d are not restricted to card-based numbers but may refer more generally to any number used to bill or track telecommunications services.
The present invention may be used in the context of telecommunications networks generally, including, for example, the telephone network depicted and described in U.S. Pat. No. 5,602,906, issued on Feb. 11, 1997 in the name of Phelps, for a toll fraud detection system (xe2x80x9cthe Phelps patent.xe2x80x9d) The Phelps patent, which is assigned to the assignee of the present invention, is expressly incorporated herein by reference.
A typical telecommunications network includes telephone units interconnected to each other via central offices owned by local exchange carriers (LECs). These central offices are in turn interconnected to each other via network equipment owned by long distance service providers, or interexchange carriers (IXCs). The LEC provides local switches for receiving and forwarding calls placed to and from the interconnected telephone units as well as a tandem switch for passing calls between the local switches and the IXC. The IXC in turn commonly includes tandem switches designed to receive and forward calls to and from the LECs and from point to point throughout the IXC""s long distance network.
In the United States, when a call is placed from a telephone unit, equipment in the LEC central office examines the originating and target phone numbers in order to determine the availability of the target phone and in order to properly handle and bill the call. For local calls, one or more switches in the central office routes the call from the originating phone to the target phone if the target phone is available.
For long distance calls made with a calling card, a user typically places an initial call to a calling card platform in order to input the user""s card number and destination phone number. In many cases, this initial call is toll-free and may, for instance, take the form of a 1-800 (or 1-888) phone number. When the user dials a 1-800 number, LEC equipment first determines which interexchange carrier is designated to handle calls placed to that 1-800 number. This determination is typically made by passing a data message to a local signal transfer point (STP) in the LEC, which may query a database to find an associated IXC. In turn, after identifying the IXC, local equipment queries the long distance carrier to determine whether the carrier and its equipment is properly available to handle the call and whether the carrier agrees to handle the call. This query passes between signal transfer points in the form of a data message identifying information about the call such as the originating number, the target number, and the caller""s billing number or calling card number.
IXC equipment examines this information to determine whether the call should be placed and, if so, which equipment or logic should handle the call. Upon receiving confirmation that the proper lines and switches are available along the call path from the originating phone through the target phone, the switches along the call path then complete the call.
In advanced telecommunications systems, interexchange carriers have seen a need to provide specialized services to meet diverse customer needs. In order to provide call handling services to meet these diverse needs, an interexchange carrier may include in each of its switches multiple xe2x80x9coriginating partitionsxe2x80x9d or xe2x80x9co-parts,xe2x80x9d which identify logic for handling calls or bill numbers of particular types. O-parts have typically been used to provide xe2x80x9cvirtual private networksxe2x80x9d (VPNs), which define the IXC calling network available for specified bill types.
As an example, an IXC may provide multiple calling cards to a corporate customer for use by the corporation""s employees. Calls made with these cards bear a bill type representing the corporate customer. Therefore, all of these calling cards may be associated with a specific O-part in the IXC""s switches, and the o-part may identify logic such as a VPN in the IXC""s switches for processing calls made with the cards. In this scenario, customers using these cards may or may not be aware that their calls are being handled in a special way by a virtual private network, depending on the design of the network.
As another example, interexchange carriers may sell long distance service to local exchange carriers or other companies throughout the country that act as apparent xe2x80x9clong distance service providersxe2x80x9d to callers. An LEC, for instance, may establish its xe2x80x9cownxe2x80x9d long distance service for its customers by arranging for an interexchange carrier to supply the service and providing its customers with calling cards. By arrangement with the IXC, these calling cards may be associated with an o-part in the IXC""s switches that defines custom logic for processing calls made with the cards.
Fraudulent use of calling card numbers has evolved over the years and has unfortunately responded to telephone company detection efforts. More particularly, as interexchange carriers have developed new systems to detect and prevent fraud, criminals have developed new tactics for defeating those very detection schemes. In an early form, for instance, calling card fraud was detected by customers or long distance service providers who recognized the existence of unauthorized charges on customer billing statements. In response, interexchange carriers developed systems for monitoring records of completed calls, in search of aberrations or telltale signs of fraud. In turn, however, criminals developed methods of maximizing their fraudulent use of card numbers before the calls are completed. For example, organized groups of criminals have arranged to simultaneously or serially make multiple calls from phones across the country using a single stolen calling card number. As another example, criminals have used stolen card numbers to make expensive overseas calls that last many hours at a time and that evade detection until completed.
Calling card fraud has subjected interexchange carriers and others to financial loss, in part because the charges for such calls are frequently uncollectible. This is especially the case when unauthorized use is made of calling card numbers for placing international calls, because the interexchange carrier handling the call may have to transfer payments to the destination telephone company, even if the toll charge is uncollectible.
In addition, the existing methods and systems of fraud detection employed by interexchange carriers have been only partially successful. This is illustrated, for example, by the fact that some interexchange carriers will not place calls using a billing number to certain suspect countries. This scheme, of course, unfortunately prevents some legitimate billing number calls from going through to these countries.
Further, fraudulent use of calling card numbers issued by local exchange carriers or other xe2x80x9cservice providersxe2x80x9d may not only affect the interexchange carrier that actually provides the service, but may also affect customer perception of the local company that issues the cards. In some circumstances, these companies may in turn suffer financial loss as a result of such calling card fraud.
A need therefore exists for a more efficient and intelligent system of calling card fraud detection.
In a principal aspect, the present invention comprises an improved system for detecting calling card fraud in a telecommunications network. Through its combined features, the present invention enables more intelligent and efficient detection of fraud and thereby facilitates enhanced, real-time fraud prevention and cost savings.
The present invention provides enhanced intelligence and efficiency through features that enable fraud analysis to be better customized and managed. Improved customization is achieved in part by employing existing information in the telecommunications network that identifies the service provider or provider of the bill number at issue and in part by providing a variable set of rules for responding to fraud determinations. Improved management of fraud analysis is provided in part by maintaining a case-subcase arrangement of fraud analysis information, by providing streamlined access to information in relevant cases, and by monitoring the ongoing fraud analysis process. Further, the invention beneficially provides for substantially real time analysis of not only completed calls but also call attempts, thus enabling interexchange carriers to minimize the presence and effect of calling card fraud.
The invention applies a set of fraud analysis routines to a call attempt in an effort to determine whether the call attempt involves fraudulent use of a bill number. In a preferred embodiment, the set of fraud analysis routines is selected based upon the identity of the bill type or service provider for the given bill number and may therefore be customized to suit the needs of the service provider. For this purpose, the invention conveniently obtains the identification of the bill type or service provider from the originating partitions contained in network switches.
When a user attempts to make a call using a bill number, regardless of whether the user""s bill number is approved, the IXC generates a validation log message (VLM) that contains information about the call attempt and that beneficially includes an identification of the originating partition handling the call. Depending on the identity of the originating partition as specified by the VLM, the VLM is then directed to one of multiple fraud analysis platforms for processing. In this way, specific fraud analysis may be efficiently tailored to meet varying needs.
Once the VLM arrives at the designated fraud platform, the VLM is subjected to a first group of fraud rules designed to determine whether the call attempt is likely to involve fraudulent use of the bill number. For this purpose, pertinent factors representing telltale signs of fraud are developed through actual experience, and the rules are modified as necessary to incorporate these factors. Based on an application of these rules, if the call attempt is believed to be fraudulent, the system generates a fraud alert indicating the likelihood that the call is fraudulent, and the system passes the alert to a case manager for further analysis. The alert preferably consists of a database record that contains information about the call attempt, including the likelihood that the call attempt involves fraudulent use of the respective bill number.
In the preferred embodiment, the case manager builds fraud cases on a bill-number by bill-number basis in order to facilitate efficient analysis of fraud that may be occurring with respect to a given bill number. These cases preferably take the form of database records or xe2x80x9ccase recordsxe2x80x9d that are each individually associated with one bill number. Each case record is in turn related to at least one subcase record that defines a fraud analysis of the bill number. When a new alert is generated in relation to a bill number as to which an open case exists, the case manager appends the alert to the currently active subcase, for analysis together with the other alerts in the subcase. In the event a case exists for the bill number but the case has already been resolved, the case manager establishes a new subcase related to the case and appends the alert to the new subcase. Still alternatively, if a case record for the bill number does not yet exist or is not available, then the case manager establishes both a new case and subcase, and the case manager appends the alert to the new subcase.
The present invention enables streamlined access to existing fraud cases by interconnecting both a memory and a database file to the case manager. The memory holds fraud cases that have been accumulated over a preceding time period, say the past three hours. The database file, in contrast, preferably holds fraud cases that have been accumulated over a longer period of time, say the past three months. This configuration beneficially enables quick access to relatively recent information in the memory while still maintaining access to older information as well in the database file.
Once the case manager establishes or modifies a case for an existing alert, the invention beneficially applies an additional set of rules to the case. Among these second level rules, the present invention automatically blocks subsequent use of the bill number if any alert associated with the pending case represents a likelihood of fraud greater than a specified level. In this regard, however, the invention advantageously provides exceptions to automatic blocking. The invention may, for instance, include a file of bill numbers designated to not be automatically blocked, notwithstanding the presence of the specified minimum likelihood of fraud.
After these additional rules have been applied to the pending case, case records are then passed to a queue for manual analysis by fraud researchers. Each fraud researcher is positioned at a fraud workstation, which conveniently provides the researcher with access to case and subcase information, customer information and assorted tools configured to facilitate an educated review of the case at issue. For instance, by selecting various menu items or icons on a workstation display, the researcher may filter incoming cases, view or retrieve desired cases, and view customer account information.
The researcher in turn conducts an analysis of the case and may easily refer to the subcases within the case. Upon resolution of the case, the fraud researcher may elect to block the bill number from subsequent use or may choose to close the case and leave the bill number active.
As call attempts and completed calls are analyzed by the fraud system of the present invention, an administrative process is employed to monitor the status of ongoing analysis and to check for malfunctions in the system. The administrative process obtains status information from components of the system and may, for instance, generate system-wide warnings when malfunctions are detected. In this way, the present invention achieves still greater precision and efficiency in detecting and preventing calling card fraud.
These as well as other advantages of the present invention will become apparent to those of ordinary skill in the art by reading the following detailed description, with appropriate reference to the accompanying drawings.